faq
flatforty
contribute
subscribe
configure
search
rdf
main
parent
|
Auto bug detecting
by KDe User on Thursday 01/Jun/2006, @01:26
|
> Over 800 minor issues fixed thanks to Coverity
Wow, an automatic bug-detector... |
|
|
The Fine Print: The following comments
are owned by whomever posted them.
( Reply )
|
Re: Auto bug detecting
by Adriaan de Groot on Thursday 01/Jun/2006, @02:14
|
More a "potential bug detector". By analyzing source code, you can figure out whether all the variables are initialized, if pointers are non-NULL, etc. Coverity has advanced tools (like ESC/Java, but for C and C++) for doing the analysis and a fairly nice user interface for examining the results of the analysis. Basically, we got hundreds of reports like "Pointer p may be NULL in code p->foo() in file foo.cpp on line 121." So there's your bug (crash) detector; Dirk did most of the fixing, if I remember correctly.
|
[
Reply To This | View ]
|
Re: Auto bug detecting
by Menge on Thursday 01/Jun/2006, @20:37
|
Shouldn't this be done via debugging tools?
Test suites are of great importance to improve code quality.
|
[
Reply To This | View ]
|
Re: Auto bug detecting
by john on Tuesday 06/Jun/2006, @07:44
|
Simple debugging is inadequate and inefficient. Coverity tools perform what is known as "static analysis" - they actually "reason" on the code and look for ways that small sections of code can be accessed (for example, if using a debugger only, you may never hit the 'magic' combination of tests and system state to try a portion of an if-test or rarely-called subroutine. Static analysis doesn't have that problem, it can walk through almost any possible code scenario without actually running the code. It can be time-consuming and tricky, doing all that backtracking and multi-path analysis.)
It's probably still best to perform static and dynamic analysis as well as conventional debugging - and all of it behind a strong lead-in based on quality development practices like Rational Unified Process, strong Systems Engineering (in the "Blanchard" style, not some ad-hoc method), code reviews, formalized build processes, etc.
If you're thinking "I can do it all with a debugger", you haven't been paying attention to the software engineering profession and developments over the past many years. There are better ways to get better code, and a debugger alone just doesn't qualify as "quality" anymore. Coverity (and no, I'm not an employee, own stock in them, benefit in any way from promoting them, etc) is a very good supporting member of the cast of development characters.
|
[
Reply To This | View ]
|
|
Re: Auto bug detecting
by Mark Hannessen on Friday 02/Jun/2006, @05:07
|
I just took a look at
http://scan.coverity.com/
and if i have to believe the statistics, it seems kde is bug hunting like mad!
Kde: 817 bugs resolved, 2 verified, 35 uninspected of unverified, lines of code: 4,062,450, bugs: 0.009 bugs / 1000 lines of code.
Gnome: 253 bugs resolved, 35 verified, 634 uninspected of unverified, lines of code: 2,227,424, bugs: 0.300 bugs / 1000 lines of code.
keep it going guys ;)
|
[
Reply To This | View ]
|
The Fine Print: The previous
comments are owned by whomever posted them.
( Reply )
|
|
![[KDE Dot News]](http://www.kde.org/dot/Images/kdedotnews.gif)
